Certificates not working [apache]

Help
1

106
Hi everyone!
I've recently had a problem creating a certificates .
There's no program running on port 80, nor is the firewall the problem.
I've attached the log.

2026-01-21 09:13:19,013:DEBUG:certbot._internal.main:certbot version: 2.6.0
2026-01-21 09:13:19,013:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files\Certbot\bin\certbot.exe
2026-01-21 09:13:19,013:DEBUG:certbot._internal.main:Arguments: ['--standalone', '--preconfigured-renewal']
2026-01-21 09:13:19,013:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-01-21 09:13:19,787:DEBUG:certbot._internal.log:Root logging level set at 30
2026-01-21 09:13:19,794:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2026-01-21 09:13:19,796:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x00000185B5F7CF40>
Prep: True
2026-01-21 09:13:19,797:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x00000185B5F7CF40> and installer None
2026-01-21 09:13:19,797:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2026-01-21 09:13:19,840:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1352332646', new_authzr_uri=None, terms_of_service=None), bbaaa3333787270e381be9a2b07d7e27, Meta(creation_dt=datetime.datetime(2023, 10, 9, 22, 23, 13, tzinfo=<UTC>), creation_host='Roersoft.Rogersoft', register_to_eff=None))>
2026-01-21 09:13:19,859:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-01-21 09:13:19,863:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-01-21 09:13:20,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1033
2026-01-21 09:13:20,284:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:20 GMT
Content-Type: application/json
Content-Length: 1033
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "xxfOvNQeio4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2026-01-21 09:13:20,284:DEBUG:certbot.display.ops:No installer, picking names manually
2026-01-21 09:13:30,177:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-01-05 15:06:23 UTC.
2026-01-21 09:13:30,177:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-01-21 09:13:30,178:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for dend.nl.eu.org and www.dend.nl.eu.org
2026-01-21 09:13:30,211:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer <certbot._internal.cli.cli_utils._Default object at 0x00000185B68181F0>
2026-01-21 09:13:30,213:DEBUG:acme.client:Requesting fresh nonce
2026-01-21 09:13:30,213:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-01-21 09:13:30,345:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-01-21 09:13:30,346:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:30 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: H6cLU6QyTJGkE_JIL_AVAKqbGjfzqIww0ucE_0MEi1lTepA8zgA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-01-21 09:13:30,346:DEBUG:acme.client:Storing nonce: H6cLU6QyTJGkE_JIL_AVAKqbGjfzqIww0ucE_0MEi1lTepA8zgA
2026-01-21 09:13:30,347:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "dend.nl.eu.org"\n    },\n    {\n      "type": "dns",\n      "value": "www.dend.nl.eu.org"\n    }\n  ]\n}'
2026-01-21 09:13:30,349:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMzMjY0NiIsICJub25jZSI6ICJINmNMVTZReVRKR2tFX0pJTF9BVkFLcWJHamZ6cUl3dzB1Y0VfME1FaTFsVGVwQTh6Z0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "NRm5gKwQG2CwNUbftuQp4u7DcWWJ5ZwVmFZzYmC5wn0wOiP78WqPObMRD-IZM2HQ3tH7cW6_d0NGK0EWRkrpm-ICaQeBYPNZ-UKRIqFsxxwhBCI4803qftC-cuQ82sf6nLmPmltqeCTKnrczI9csOYhlE00NtNVYrGzTQBNVgoD16hVhsOVYFrSGNQ0o7J8UyNWW_6BobwDwtRdGPhGJrB8nTy5BKUt2OHJOmJ2wVJ4o9GL_FRy4oXj5OIZo-3oEVda814ubZUq46EMS8HwfEouehdVS_TX1kG9wn9GClJs5y4sqFauq44Sopdc95ylTBdIhOMyi2CM4SWgDp1N3Mg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImRlbmQubmwuZXUub3JnIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5kZW5kLm5sLmV1Lm9yZyIKICAgIH0KICBdCn0"
}
2026-01-21 09:13:30,605:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 497
2026-01-21 09:13:30,606:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 21 Jan 2026 08:13:30 GMT
Content-Type: application/json
Content-Length: 497
Connection: keep-alive
Boulder-Requester: 1352332646
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1352332646/471833723576
Replay-Nonce: H6cLU6QyzSZQGfbpENHN83iuqPhnoC62pdZHk1mLybBgw8q0xus
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-01-28T08:13:30Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "dend.nl.eu.org"
    },
    {
      "type": "dns",
      "value": "www.dend.nl.eu.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646431730826",
    "https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646433378316"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1352332646/471833723576"
}
2026-01-21 09:13:30,606:DEBUG:acme.client:Storing nonce: H6cLU6QyzSZQGfbpENHN83iuqPhnoC62pdZHk1mLybBgw8q0xus
2026-01-21 09:13:30,606:DEBUG:acme.client:JWS payload:
b''
2026-01-21 09:13:30,608:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646431730826:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMzMjY0NiIsICJub25jZSI6ICJINmNMVTZReXpTWlFHZmJwRU5ITjgzaXVxUGhub0M2MnBkWkhrMW1MeWJCZ3c4cTB4dXMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzEzNTIzMzI2NDYvNjQ2NDMxNzMwODI2In0",
  "signature": "GTBxcmkKceVmqYBZA1aUOQoRrCbKcD6kqIYBloyLG-Zc4E_G02MtnYeBE3K7cMC-_X-7iYXd7RNCU3XsuO_ETyXEmJGHDNVYewnyN7Dv2KkD7K3Iw9DzfX0b5gRd00Wed-atMfZZH0n1BgRVvYiGEBvsvz0qq-tFolUGChgBZV4olMoxh6UNwbF8F_9s9BPDe0Fz3Kr-36xKbNJsf02qOJk1hV4aLQzFhr2Cn6vZGmWnOdkIOJpHZDRMiY-6YD7hxNxKDII4WzqfcOxveOqPj0D7JgevEj2OHlNDnhYlE-j2sAnvCtM0uJpRK_JdLvoegzB7gPsb-P7GaDCrgEjuGg",
  "payload": ""
}
2026-01-21 09:13:30,753:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1352332646/646431730826 HTTP/1.1" 200 1092
2026-01-21 09:13:30,754:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:30 GMT
Content-Type: application/json
Content-Length: 1092
Connection: keep-alive
Boulder-Requester: 1352332646
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: H6cLU6QyzdmyWvlGnyNwbm_VbEdO25ZHvA3NXcG-HxAf9VOE6-U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.dend.nl.eu.org"
  },
  "status": "valid",
  "expires": "2026-02-20T08:09:24Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646431730826/CkTmCA",
      "status": "valid",
      "validated": "2026-01-21T08:09:16Z",
      "token": "L8rmvSplzQn3smDjZjLR9cRj5kpyrSLiplLjE7YyIIk",
      "validationRecord": [
        {
          "url": "http://www.dend.nl.eu.org/.well-known/acme-challenge/L8rmvSplzQn3smDjZjLR9cRj5kpyrSLiplLjE7YyIIk",
          "hostname": "www.dend.nl.eu.org",
          "port": "80",
          "addressesResolved": [
            "86.84.60.35"
          ],
          "addressUsed": "86.84.60.35"
        },
        {
          "url": "https://www.dend.nl.eu.org/.well-known/acme-challenge/L8rmvSplzQn3smDjZjLR9cRj5kpyrSLiplLjE7YyIIk",
          "hostname": "www.dend.nl.eu.org",
          "port": "443",
          "addressesResolved": [
            "86.84.60.35"
          ],
          "addressUsed": "86.84.60.35"
        }
      ]
    }
  ]
}
2026-01-21 09:13:30,754:DEBUG:acme.client:Storing nonce: H6cLU6QyzdmyWvlGnyNwbm_VbEdO25ZHvA3NXcG-HxAf9VOE6-U
2026-01-21 09:13:30,754:DEBUG:acme.client:JWS payload:
b''
2026-01-21 09:13:30,755:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646433378316:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMzMjY0NiIsICJub25jZSI6ICJINmNMVTZReXpkbXlXdmxHbnlOd2JtX1ZiRWRPMjVaSHZBM05YY0ctSHhBZjlWT0U2LVUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzEzNTIzMzI2NDYvNjQ2NDMzMzc4MzE2In0",
  "signature": "SPtbBMln1QNN_GqB9OM9Bbtel7MBsIpvL6wokCXGyHZGaL8dtKgUxyajaEmjJM776Pi1Z48aElg7KML8sXJ39JepPOGlOoHCRKFrjOvgtUYbfbnZqFqDGcPSoDgsoFOEmz6SImEPNUEzScOFzJaem1O7hzsYxanc_EkzIY172LTNdpCW0Sx5IauczzMA0TYbHWIiV3dydvLeS1OODcwoNRIQiAz9DR89Fvqw3UK04ydVfi1Au2BTX034LhcPZwr45fcJhIQ649mDClZkbZKkKNZaarEY88_L3iDi0pwpnrEaFNhPmwtHf87AjOPysMU6F0GBJA_FzHcbiFZV3im7RA",
  "payload": ""
}
2026-01-21 09:13:30,889:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1352332646/646433378316 HTTP/1.1" 200 822
2026-01-21 09:13:30,890:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:31 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 1352332646
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: H6cLU6QyyHL6as4lnnYBmGSoHIc-rQxiTdH9G1gKVgZEx-m79O0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "dend.nl.eu.org"
  },
  "status": "pending",
  "expires": "2026-01-28T08:13:30Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/2N_wIw",
      "status": "pending",
      "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/L6e5aw",
      "status": "pending",
      "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/BPKGZA",
      "status": "pending",
      "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo"
    }
  ]
}
2026-01-21 09:13:30,890:DEBUG:acme.client:Storing nonce: H6cLU6QyyHL6as4lnnYBmGSoHIc-rQxiTdH9G1gKVgZEx-m79O0
2026-01-21 09:13:30,891:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-01-21 09:13:30,891:INFO:certbot._internal.auth_handler:http-01 challenge for dend.nl.eu.org
2026-01-21 09:13:30,894:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2026-01-21 09:13:31,767:DEBUG:acme.standalone:Successfully bound to :80 using IPv4
2026-01-21 09:13:31,770:DEBUG:acme.client:JWS payload:
b'{}'
2026-01-21 09:13:31,772:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/L6e5aw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMzMjY0NiIsICJub25jZSI6ICJINmNMVTZReXlITDZhczRsbm5ZQm1HU29ISWMtclF4aVRkSDlHMWdLVmdaRXgtbTc5TzAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzEzNTIzMzI2NDYvNjQ2NDMzMzc4MzE2L0w2ZTVhdyJ9",
  "signature": "tj6Sqkc5zoWZwYPB54K1cSsWzFScGm1zx_DL6j2gZkSjqCQVbrQG-qKNPmElam54lOQtmRE2Xs7PtcY14hDh6OUPidRmspFbGZvrHdIXpmJVg25eI97UJbYmSmZH41S0kGq2ia32-lxy9H-JlHFebDW7q_PkzmjzAx768hw2vSg2VpxtuhS9Y-Iar9MCySP9W7_VxbCsism3ALst_G6VkmqLBO68g3srUn99UU7RRLuAzyoUGimSF392MoaXE4hBrFvAUQmDqG-VYNhQtfXeP40i5UokCH3CK72RQmbtDbi4ek0QatVq8YmmDrTbwJsO2UQa0ZQu_lK3C1YOBY5UIQ",
  "payload": "e30"
}
2026-01-21 09:13:31,907:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/1352332646/646433378316/L6e5aw HTTP/1.1" 200 195
2026-01-21 09:13:31,908:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:32 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 1352332646
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646433378316>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/L6e5aw
Replay-Nonce: H6cLU6QyHsnWQreqzyRlKFVnqUzZZRk5oQOFYfY-HGUmR5ATqXY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/L6e5aw",
  "status": "pending",
  "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo"
}
2026-01-21 09:13:31,908:DEBUG:acme.client:Storing nonce: H6cLU6QyHsnWQreqzyRlKFVnqUzZZRk5oQOFYfY-HGUmR5ATqXY
2026-01-21 09:13:31,908:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-01-21 09:13:32,923:DEBUG:acme.client:JWS payload:
b''
2026-01-21 09:13:32,925:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646431730826:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMzMjY0NiIsICJub25jZSI6ICJINmNMVTZReUhzbldRcmVxenlSbEtGVm5xVXpaWlJrNW9RT0ZZZlktSEdVbVI1QVRxWFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzEzNTIzMzI2NDYvNjQ2NDMxNzMwODI2In0",
  "signature": "BIZWI-XyCcJ7ny4YoDBCxv7FKtFgQ5Hy7lArOq8OQRN9cUhCzET0qgIELi9j92qFJxnALZgep6mf8Jhqynub6yuq9Q8WNzFZXO4kvLtb7GOXiJQvn6sQM5zpWOD6XONBLQLoqe4ar-q5b3N1aW13RRR6DUfzfIGqRDCbOlVxeN47UCtJXp5N__7TNpboVIDKaJB8pEyY3REBzPF4BSuUsOkTMceeAAlNuBukrDMIHVJWI_dnR-gHmQLT8KDUNBeLPkoBaR6hhQLg6xavi8NA0h4ScYvbDKj9U7xr-3TFJ13GjFE-yTmLG5cA1av1uamMjBzQ7MNiFvqPfV5VKqAzxA",
  "payload": ""
}
2026-01-21 09:13:33,246:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1352332646/646431730826 HTTP/1.1" 200 1092
2026-01-21 09:13:33,247:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:33 GMT
Content-Type: application/json
Content-Length: 1092
Connection: keep-alive
Boulder-Requester: 1352332646
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: LJ8hB_GOfUCDBik2DwNtP134HNFuS6dixWddrD22muFJt5KdJK8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.dend.nl.eu.org"
  },
  "status": "valid",
  "expires": "2026-02-20T08:09:24Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646431730826/CkTmCA",
      "status": "valid",
      "validated": "2026-01-21T08:09:16Z",
      "token": "L8rmvSplzQn3smDjZjLR9cRj5kpyrSLiplLjE7YyIIk",
      "validationRecord": [
        {
          "url": "http://www.dend.nl.eu.org/.well-known/acme-challenge/L8rmvSplzQn3smDjZjLR9cRj5kpyrSLiplLjE7YyIIk",
          "hostname": "www.dend.nl.eu.org",
          "port": "80",
          "addressesResolved": [
            "86.84.60.35"
          ],
          "addressUsed": "86.84.60.35"
        },
        {
          "url": "https://www.dend.nl.eu.org/.well-known/acme-challenge/L8rmvSplzQn3smDjZjLR9cRj5kpyrSLiplLjE7YyIIk",
          "hostname": "www.dend.nl.eu.org",
          "port": "443",
          "addressesResolved": [
            "86.84.60.35"
          ],
          "addressUsed": "86.84.60.35"
        }
      ]
    }
  ]
}
2026-01-21 09:13:33,247:DEBUG:acme.client:Storing nonce: LJ8hB_GOfUCDBik2DwNtP134HNFuS6dixWddrD22muFJt5KdJK8
2026-01-21 09:13:33,248:DEBUG:acme.client:JWS payload:
b''
2026-01-21 09:13:33,249:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646433378316:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMzMjY0NiIsICJub25jZSI6ICJMSjhoQl9HT2ZVQ0RCaWsyRHdOdFAxMzRITkZ1UzZkaXhXZGRyRDIybXVGSnQ1S2RKSzgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzEzNTIzMzI2NDYvNjQ2NDMzMzc4MzE2In0",
  "signature": "xxtdnl9M7Z5YI0UooHxqOtWmTwd9N3HBsYYirbPEd14kBtjUJCbeWoph-FuesPkHTtFQOHHAvW0QxGPc70mFDvdn1PZGqcBjbvFD-MSgVN7Af-03v-HK4d9rx0IM3JLx-_aPgb_LDuqBvzKSN75fQJHyyE9YMrWKhQ5qwGLIF_qEiRewUfTxTv877CBIChv3aBAjFH3_D3-xjhOyuBYMPUwfFA2mtJzXyzESSrLgQ9tweei1fzMG5QymBman3bDxzv2iPY02pn6UfDyn_4TtdeGOrCF2NVUdOmyha8caLzh58uGtk1MojvjNKqcU4HjuZIYcIZLcErVmzxJ4O9P9ig",
  "payload": ""
}
2026-01-21 09:13:33,381:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1352332646/646433378316 HTTP/1.1" 200 822
2026-01-21 09:13:33,382:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:33 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 1352332646
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: LJ8hB_GOtd91RulK9jfcNFDKkbpI12J2EX1EvfWd_W4WjxWutCo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "dend.nl.eu.org"
  },
  "status": "pending",
  "expires": "2026-01-28T08:13:30Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/L6e5aw",
      "status": "pending",
      "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/BPKGZA",
      "status": "pending",
      "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/2N_wIw",
      "status": "pending",
      "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo"
    }
  ]
}
2026-01-21 09:13:33,382:DEBUG:acme.client:Storing nonce: LJ8hB_GOtd91RulK9jfcNFDKkbpI12J2EX1EvfWd_W4WjxWutCo
2026-01-21 09:13:36,385:DEBUG:acme.client:JWS payload:
b''
2026-01-21 09:13:36,386:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1352332646/646433378316:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMzMjY0NiIsICJub25jZSI6ICJMSjhoQl9HT3RkOTFSdWxLOWpmY05GREtrYnBJMTJKMkVYMUV2ZldkX1c0V2p4V3V0Q28iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzEzNTIzMzI2NDYvNjQ2NDMzMzc4MzE2In0",
  "signature": "VTqtBb8snURKxx2bCzTGR5EhzJcTt8jB4o9aH9bACIjyWnMypOZmkC0YfridkCPpBwEbKBpumKYEUUMpzg8dca3PjYy7775Phj-l6fPn4OG-jyV9UG3vOtJngeYCAW0FGXNdS1IKtYO93Js2qxlMybZrv2Rai9fVsuzLA6_dsmAXm7c57_BjYNr-pFBMXSSZJhGz1SyUa5Jz9Xzx_kqlxPhIWtDrR41Dhk1qO__Q9uOt5-ghWFrnGBl8hRuSrWGKyWxvYTz6RXFD2TW2RiHiM2JRhUSKBh0GO8XPiZZptH_lTkVFmOhHu71MPh4H-MN6EzLTBH33lNxC1jAM4X8l-Q",
  "payload": ""
}
2026-01-21 09:13:36,816:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1352332646/646433378316 HTTP/1.1" 200 1026
2026-01-21 09:13:36,817:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Jan 2026 08:13:36 GMT
Content-Type: application/json
Content-Length: 1026
Connection: keep-alive
Boulder-Requester: 1352332646
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: LJ8hB_GOSNHBitzZiR9iGXZdjjpnavSyjva51_vix8DbUvHC1-0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "dend.nl.eu.org"
  },
  "status": "invalid",
  "expires": "2026-01-28T08:13:30Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/1352332646/646433378316/L6e5aw",
      "status": "invalid",
      "validated": "2026-01-21T08:13:32Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "86.84.60.35: Invalid response from http://dend.nl.eu.org/.well-known/acme-challenge/GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo: 404",
        "status": 403
      },
      "token": "GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo",
      "validationRecord": [
        {
          "url": "http://dend.nl.eu.org/.well-known/acme-challenge/GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo",
          "hostname": "dend.nl.eu.org",
          "port": "80",
          "addressesResolved": [
            "86.84.60.35"
          ],
          "addressUsed": "86.84.60.35"
        }
      ]
    }
  ]
}
2026-01-21 09:13:36,817:DEBUG:acme.client:Storing nonce: LJ8hB_GOSNHBitzZiR9iGXZdjjpnavSyjva51_vix8DbUvHC1-0
2026-01-21 09:13:36,817:INFO:certbot._internal.auth_handler:Challenge failed for domain dend.nl.eu.org
2026-01-21 09:13:36,818:INFO:certbot._internal.auth_handler:http-01 challenge for dend.nl.eu.org
2026-01-21 09:13:36,818:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: dend.nl.eu.org
  Type:   unauthorized
  Detail: 86.84.60.35: Invalid response from http://dend.nl.eu.org/.well-known/acme-challenge/GHAuZiwvXEBc5UCeBuHpxsJtQHKl0Inl4jmVAieEvgo: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2026-01-21 09:13:36,820:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-01-21 09:13:36,820:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-01-21 09:13:36,820:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-01-21 09:13:36,821:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2026-01-21 09:13:36,821:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2026-01-21 09:13:37,391:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 197, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "C:\Program Files\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "C:\Program Files\Certbot\pkgs\certbot\main.py", line 19, in main
    return internal_main.main(cli_args)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 1864, in main
    return config.func(config, plugins)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 129, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\renewal.py", line 395, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2026-01-21 09:13:37,394:ERROR:certbot._internal.log:Some challenges have failed.
2

Hi,

Apache is running on port 80, so if you use the certbot standalone option you have to stop apache first.

3

Hi, I've tried both. I've been using it for years. I've turned Apache server on and off, and even assigned a different port.
I've given permissions in the Windows firewall.
But nothing has helped so far.

4

I also checked everything on the router.
But no problems there either.
I checked the ports online, and they're open.

5

Ensure that the ACME client has permissions to create the file in the appropriate directory.

6

Thanks for the reply. However, this has never been a problem before.
I have full access (i.e., ownership) to my PC.

7

If you're using windows that's less true than you think. OS jingoism aside, the "TrustedInstaller" user and anything that runs under it (incl. Windows Defender) trump any user administrator permissions.

8

Thanks for the reply. But it was working fine before.
With or without owner rights.
So any ideas on how to fix this, if possible?

9

Debugging --standalone is very different than --webroot which uses your running Apache.

The log from your --standalone run looks like Apache was still running when you started that. The error was a 404 (HTTP Not Found) which is very unusual if Certbot --standalone received the incoming HTTP challenge from the Let's Encrypt server. I say very unusual but impossible is closer to accurate :slight_smile: Local permissions do not affect --standalone as it does not use a file for the challenge token. If you had stopped Apache perhaps a different port listener replied.

Which method do you want to debug? --webroot or --standalone?

Note the EFF who develop Certbot dropped support for it on Windows about 2 years ago. There have been significant changes in the ACME system since then. Instead of trying to fix Certbot you might replace it with an ACME Client designed for Windows. This may even be easier than debugging Certbot. In the long-term you should replace it anyway.

The 3 main clients we recommend are:

There is also an ACME Client called mod_md built-in to Apache. If you are comfortable with Apache admin this is an option: mod_md - Apache HTTP Server Version 2.4

2 Likes
10

1.086
Thanks for the reply. I mentioned earlier that I've tried things like turning the Apache server on and off.
And also the --webroot or --standalon methods.
I've turned Windows security on and off.
I also said that everything worked fine before.
That's why I don't understand it. I've been good at IT since Windows 95.
I took each step one by one.
This is what the certbot window says:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: dend.nl.eu.org
Type: connection
Detail: 86.84.60.35: Fetching http://dend.nl.eu.org/.well-known/acme-challenge/MSTG3PlFW8meF92MDTpygdEQCN4oWN0DZpz5f0Fd_q0: Connection refused

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone web server started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

When I turn on the server and go to http://86.84.60.35, the server works normally (is now turned off) (also tested via online testing).

11

The --standalone method is difficult to debug because you need to keep Certbot running to test connection from the public internet.

Probably the easiest way to test is with these command options:

certbot certonly --standalone --dry-run --debug-challenges -v -d (domain)

This command will show you the challenge URL to try from the public internet and the proper response. After showing you this it will say "Press Enter to Continue". DO NOT PRESS ENTER.

Leave it paused and use a different device to test connection. You can use a mobile phone with wifi disabled to use your carrier's network.

You do not have to use the full URL. Just try http://(domain)

If the connection works this shorter URL should see a response like below. Let us know what you see. If you leave it running we can test it from our location(s) too.

ACME client standalone challenge solver
2 Likes
12

Thanks for the reply. This is what I got with the command:
C:\Windows\System32>certbot certonly --standalone --dry-run --debug-challenges -v -d
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument -d/--domains/--domain: expected one argument

13

You are meant to use your domain name in place of (domain) in my example command

Sorry, I could have tailored it for you. That is my template I use for the (many) times I've helped others with similar problems.

1 Like
14

Thanks for the reply. Could you explain that last point a bit more?

15

Try this command

certbot certonly --standalone --dry-run --debug-challenges -v -d dend.nl.eu.org

Notice your domain name following the -d option. In my example it was (domain)

UPDATE: By the way, Apache is running again. Be sure to stop it before the above

1 Like
16

Thank you for the response. Get this:
C:\Windows\System32>certbot certonly --standalone --dry-run --debug-challenges -v -d dend.nl.eu.org
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Simulating a certificate request for dend.nl.eu.org
Performing the following challenges:
http-01 challenge for dend.nl.eu.org

Challenges loaded. Press continue to submit to CA.

The following URLs should be accessible from the internet and return the value
mentioned:

URL:
http://dend.nl.eu.org/.well-known/acme-challenge/B_zocgFnAUvv-QvasOZoPtL9OtJ9XC_SJ8JUzBNgnzw
Expected value:
B_zocgFnAUvv-QvasOZoPtL9OtJ9XC_SJ8JUzBNgnzw.WAPJKsbg3PQkQMut6_3VwMH4e78HX1icSW226vafjJo

Press Enter to Continueeach
Waiting for verification...
Challenge failed for domain dend.nl.eu.org
http-01 challenge for dend.nl.eu.org

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: dend.nl.eu.org
Type: unauthorized
Detail: 86.84.60.35: Invalid response from https://www.dend.nl.eu.org/.well-known/acme-challenge/B_zocgFnAUvv-QvasOZoPtL9OtJ9XC_SJ8JUzBNgnzw: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone web server started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

17

Your Apache is running. I can see it right now.

curl -i http://dend.nl.eu.org/.well-known/acme-challenge/Test404
HTTP/1.1 302 Found
Date: Wed, 21 Jan 2026 14:39:55 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Location: https://www.dend.nl.eu.org/.well-known/acme-challenge/Test404
Content-Length: 349

Maybe we should abandon --standalone debugging and work with Apache. That's what you want to get working anyway - right?

3 Likes
18

Yes indeed, how should I proceed?
The mod_md is enabled in the Apache server.

19

Well, in general refer to its docs :slight_smile:

The Apache mod_md docs are a good reference guide. See: mod_md - Apache HTTP Server Version 2.4

But, the github for mod_md has good How To's. See: GitHub - icing/mod_md: Let's Encrypt (ACME) in Apache httpd

If that doesn't work out Certify the Web is probably the easiest. It has a gui and is well-supported. It usually integrates with IIS but has 'deploy' tasks for Apache (and other) server. Simple-acme should be pretty easy too.

3 Likes
20

Thank you, I will look into it.

2 Likes